FortiADC provides a way to execute any AWS API on the user's behalf: a Python script is uploaded to FortiADC (System > AWS Scripting page) together with a traffic-group setting, and the script is executed on whichever FortiADC currently owns that traffic group.
In HA-VRRP mode, where the two FortiADCs can own different traffic groups, each unit executes the script bound to its own traffic group independently and talks to AWS when an HA switch moves that traffic group to it.
- Execute manually from the GUI: upload the script, choose the traffic group, click "Run"
- After an HA switch the traffic group becomes active on the new device, which then executes the script bound to that traffic group
Command to check which traffic group this device currently belongs to:
get system traffic-group-status detail
To execute the AWS API, configure the region and the credentials the script will use on FortiADC:
config system aws
set region us-west-1 (set the region name as needed)
set accesskey XXXXXXXXXX (from the .csv file downloaded when the IAM user was created on AWS)
set secretkey XXXXXXXXXX (from the .csv file downloaded when the IAM user was created on AWS)
These long-lived keys are stored on the appliance, so create them for a dedicated IAM user whose policy allows only the actions the script needs (for the route example below, ec2:DescribeRouteTables and ec2:ReplaceRoute on the intended route table) rather than administrative access, and rotate them like any other service credential.
Example: This script replaces the default route in the AWS route table when the default traffic group becomes active on the new FortiADC (for example after an HA switch), so that the VPC's outbound traffic follows the active unit. $route_table_id is the ID of the VPC route table and $eni_id is the ENI of the FortiADC that now owns the traffic group; both must be set before the command runs.
aws ec2 replace-route --route-table-id "$route_table_id" --destination-cidr-block 0.0.0.0/0 --network-interface-id "$eni_id"
echo "do nothing"
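The page's one-line example fails if the route table has no default route yet (replace-route needs an existing route) and rewrites the route even when it already points at the right unit. The script below is an added example, not Fortinet's code, that generalizes the page's replace-route call into an idempotent failover routine: it reads the ENI currently serving 0.0.0.0/0, does nothing if it is already the local unit, creates the route if the table has none, and otherwise replaces it. It assumes the aws CLI is on the PATH of the scripting environment and that config system aws has supplied region and keys; ROUTE_TABLE_ID, ENI_ID, AWS_CLI and the function names are hypothetical placeholders, and the scenario assumed is the page's own, where the default route, when present, points at one of the FortiADCs' ENIs.

```shell
#!/bin/sh
# Added example (not Fortinet's code): idempotent default-route failover for the
# FortiADC AWS Scripting feature. Assumes the aws CLI is on the PATH and that
# `config system aws` has provided the region and the IAM user's keys.
# The IDs are hypothetical placeholders: set them to your VPC route table and to
# the ENI of the FortiADC that owns the traffic group before uploading.
ROUTE_TABLE_ID="${ROUTE_TABLE_ID:-rtb-0123456789abcdef0}"
ENI_ID="${ENI_ID:-eni-0123456789abcdef0}"
# The CLI command is overridable so the decision logic can be exercised with a stub.
AWS="${AWS_CLI:-aws}"

# Print the ENI that currently carries 0.0.0.0/0 in route table $1, or "None"
# when the table has no default route via an ENI (text output renders null as None).
current_default_eni() {
    "$AWS" ec2 describe-route-tables --route-table-ids "$1" \
        --query "RouteTables[0].Routes[?DestinationCidrBlock=='0.0.0.0/0'].NetworkInterfaceId | [0]" \
        --output text
}

# Point the default route of route table $1 at ENI $2.
# - already correct: do nothing, so a re-run after an HA switch is harmless
# - no default route yet: create-route, because replace-route fails on a missing route
# - pointing at the other unit: replace-route, the case from the page's example
failover_default_route() {
    rtb="$1"; eni="$2"
    cur=$(current_default_eni "$rtb") || { echo "describe-route-tables failed for $rtb" >&2; return 1; }
    if [ "$cur" = "$eni" ]; then
        echo "default route of $rtb already via $eni, nothing to do"
        return 0
    fi
    if [ "$cur" = "None" ] || [ -z "$cur" ]; then
        echo "creating default route of $rtb via $eni"
        "$AWS" ec2 create-route --route-table-id "$rtb" \
            --destination-cidr-block 0.0.0.0/0 --network-interface-id "$eni"
    else
        echo "replacing default route of $rtb: $cur -> $eni"
        "$AWS" ec2 replace-route --route-table-id "$rtb" \
            --destination-cidr-block 0.0.0.0/0 --network-interface-id "$eni"
    fi
}

# Entry point on the appliance; skipped where no aws CLI is available (e.g. when the
# functions are loaded for testing), and a failure is reported rather than ignored.
if command -v "$AWS" >/dev/null 2>&1; then
    failover_default_route "$ROUTE_TABLE_ID" "$ENI_ID" || echo "default-route failover failed" >&2
fi
```

Run it once manually from the GUI against the traffic group before relying on it for failover; the "nothing to do" path lets you confirm the credentials and the IDs without changing the route table.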